Identity Theft Information for Victim’s

What Are Identity Theft and Identity Fraud?

Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. These Web pages are intended to explain why you need to take precautions to protect yourself from identity theft. Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data ­ especially your Social Security number, your bank account or credit card number, your telephone calling card number, and other valuable identifying data ­ can be used, if they fall into the wrong hands, to personally profit at your expense. In the United States for example, many people have reported that unauthorized persons have taken funds out of their bank or financial accounts, or, in the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victim’s names. In many cases, a victim’s losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.

In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim’s name, but called his victim to taunt him — saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at that time — before filing for bankruptcy, also in the victim’s name. While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. This case, and others like it, prompted Congress in 1998 to create a new federal offense of identity theft.

Contact the Federal Trade Commission (FTC) to report the situation. You will need to visit the FTC website for identity theft athttps://www.identitytheft.gov

The FTC is the federal agency empowered to be the first line of defense for Identity Theft Victims. They are the lead federal agency that you will be able to help you.

Complete the FTC’s online complaint form(link is external). Give as many details as you can. The complaint form is not available on mobile devices, but you can call 1-877-438-4338 to make your report. Based on the information you enter, the FTC complaint system will create your Identity Theft Affidavit. You’ll need this to complete other steps.

Go to your local Sheriff’s or Police office with:

1) A copy of your FTC Identity Theft Affidavit. You will be asked to sign this in the presence of the Deputy/Officer who is taking your report.

You may also need to contact other agencies for other types of identity theft:

Your local office of the Postal Inspection Service if you suspect that an identity thief has submitted a change-of-address form with the Post Office to redirect your mail, or has used the mail to commit frauds involving your identity;

To order a copy of your credit report ($8 in most states), write to P.O. Box 390, Springfield, PA 19064 or call: (800) 888-4213.

To dispute information in your report, call the phone number provided on your credit report.

To opt out of pre-approved offers of credit and marketing lists, call (800) 680-7293 or (888) 5OPTOUT or write to P.O Box 97328, Jackson, MS 39238.

Contact all creditors with whom your name or identifying data have been fraudulently used. For example, you may need to contact your long-distance telephone company if your long-distance calling card has been stolen or you find fraudulent charges on your bill.

Contact all financial institutions where you have accounts that an identity thief has taken over or that have been created in your name but without your knowledge. You may need to cancel those accounts, place stop-payment orders on any outstanding checks that may not have cleared, and change your Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN).

Contact the major check verification companies (listed in the CalPIRG-Privacy Rights Clearinghouse checklist[external link]) if you have had checks stolen or bank accounts set up by an identity thief. In particular, if you know that a particular merchant has received a check stolen from you, contact the verification company that the merchant uses.

Federal Laws and Identity Theft and Fraud?

The U.S. Department of Justice prosecutes cases of identity theft and fraud under a variety of federal statutes. In the fall of 1998, for example, Congress passed the Identity Theft and Assumption Deterrence Act . This legislation created a new offense of identity theft, which prohibits “knowingly transfer[ring] or using, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.”

18 U.S.C. § 1028(a)(7). This offense, in most circumstances, carries a maximum term of 15 years imprisonment, a fine, and criminal forfeiture of any personal property used or intended to be used to commit the offense.

* While identity theft can be a violation of federal laws that does not mean that a federal law enforcement agency (FBI, Secret Service, Postal Inspection, etc…) will become involved in the investigation. Likewise the U.S. Attorney’s Office may not prosecute a minor isolated case of identity theft. Unless the case involves a large amount of money, several victims and multiple jurisdictions or in the event that a federal agency was already working the case don’t expect the federal government to assist with the investigation or prosecution.

The Humphreys County Sheriff’s Office has worked investigations with the U.S. Secret Service and other federal agencies in the past that involved large scale multi-state criminal organizations. These federal partners provide assistance when they can but may not become directly involved in your case even though a federal law has been violated.

Here are some examples of recent federal cases:

Local Case (Tennessee/New York/California): In December 2013 Humphreys County Sheriff’s Office CID Detectives launched an investigation involving multiple cases of identity theft centered around the Pilot Travel Center in Hurricane Mills. The U.S. Secret Service was notified and assisted with the investigation. The investigation grew and was found to be part of an organized crime ring with ties to the Russian Mafia that stretched from California to New York. Suspects were identified in New York and California. After several months of investigation the U.S. Secret Service New York Office arrested (13) Armenian nationals on federal charges with connections to New York and California for their involvement in skimming at Pilot/Flying J gas stations throughout the South. One of these Armenian nationals had the GPS coordinates to the Pilot #53 in Humphreys County, TN in his cell phone which were recovered via a Search Warrant.

Central District of California: A man was indicted, pleaded guilty to federal charges and was sentenced to 27 months’ imprisonment for obtaining private bank account information about an insurance company’s policyholders and using that information to deposit $764,000 in counterfeit checks into a bank account he established.

What are the Most Common Ways To Commit Identity Theft or Fraud?

Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places, for example, criminals may engage in “shoulder surfing” by¬ watching you from a nearby location as you punch in your telephone calling card number or credit card number or listen in on your conversation if you give your credit-card number over the telephone to a hotel or rental car company.

If you receive applications for “pre-approved” credit cards in the mail, but discard them without tearing up the enclosed materials, criminals may retrieve them and try to activate the cards for their use without your knowledge. (Some credit card companies, when sending credit cards, have adopted security measures that allow a card recipient to activate the card only from his or her home telephone number but this is not yet a universal practice.) Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location.

In recent years, the Internet has become an appealing place for criminals to obtain identifying data, such as passwords or even banking information. In their haste to explore the exciting features of the Internet, many people respond to “spam”¬ unsolicited E-mail that promises them some benefit but requests identifying data, without realizing that in many cases, the requester has no intention of keeping his promise. In some cases, criminals reportedly have used computer technology to obtain large amounts of personal data.

With enough identifying information about an individual, a criminal can take over that individual’s identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be denied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim’s, the victim may not become aware of what is happening until the criminal has already inflicted substantial damage on the victim’s assets, credit, and reputation.

(a) This section shall be known and may be cited as the “Identity Theft Victims’ Rights Act of 2004.”

(b)(1) A person commits the offense of identity theft who knowingly obtains, possesses, buys, or uses, the personal identifying information of another:

(A) With the intent to commit any unlawful act including, but not limited to, obtaining or attempting to obtain credit, goods, services or medical information in the name of such other person; and

(B)(i) Without the consent of such other person;

(ii) Without the lawful authority to obtain, possess, buy or use that identifying information; or

(iii) To commit a violation of § 53-11-402 or § 53-11-416 by using a prescription for a controlled substance represented as having been issued by a physician, nurse practitioner, or other health care provider.

(2) For purposes of the offense of identity theft, an activity involving a possession, use or transfer that is permitted by the Tennessee Financial Records Privacy Act, compiled in title 45, chapter 10; Title V of the Gramm-Leach-Bliley Act, Pub. L. No. 106-102; or the Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactional Act, (15 U.S.C. § 1681 et seq.) shall not be considered an “unlawful act”.

(c)(1) A person commits the offense of identity theft trafficking who knowingly sells, transfers, gives, trades, loans or delivers, or possesses with the intent to sell, transfer, give, trade, loan or deliver, the personal identifying information of another:

(A) With the intent that the information be used by someone else to commit any unlawful act including, but not limited to, obtaining or attempting to obtain credit, goods, services or medical information in the name of the other person; or

(B) Under circumstances such that the person should have known that the identifying information would be used by someone else to commit any unlawful act including, but not limited to, obtaining or attempting to obtain credit, goods, services or medical information in the name of the other person; and

(C) The person does not have the consent of the person who is identified by the information to sell, transfer, give, trade, loan or deliver, or possess with the intent to sell, transfer, give, trade, loan or deliver, that information; and

(D) The person does not have lawful authority to sell, transfer, give, trade, loan or deliver, or possess with the intent to sell, transfer, give, loan or deliver, the personal identifying information.

(2) For purposes of the offense of identity theft trafficking, an activity involving a possession, use or transfer that is permitted by the Tennessee Financial Records Privacy Act, compiled in title 45, chapter 10; Title V of the Gramm-Leach-Bliley Act, Pub. L. No. 106-102; or the Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactional Act, (15 U.S.C. § 1681 et seq.) shall not be considered an “unlawful act”.

(d) In a prosecution under subsection (c), the trier of fact may infer from the defendant’s simultaneous possession of the personal identifying information of five (5) or more different individuals that the defendant possessed the personal identifying information with the intent to sell, transfer, give, trade, loan or deliver the information. However, if the defendant had the consent of one (1) or more of the individuals to possess the personal identifying information of that individual, the consenting individual shall not be counted in determining whether an inference of possession for sale may be drawn by the trier of fact.

(e) As used in this section, “personal identifying information” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including:

(3) Unique electronic identification number, address, routing code or other personal identifying data which enables an individual to obtain merchandise or service or to otherwise financially encumber the legitimate possessor of the identifying data;

(4) Telecommunication identifying information or access device; or

(5) Any name, number, information, medical prescribing pad, electronic message, or form used by a physician, nurse practitioner, or other health care provider for prescribing a controlled substance.

(f)(1) The general assembly recognizes that an offense under this section may result in more than one (1) victim. While a company or business that loses money, merchandise, or other things of value as a result of the offense is a victim, it is equally true that the person whose identity is stolen is also a victim. The person whose identity is stolen suffers definite and measurable losses including expenses necessary to cancel, stop payment on, or replace stolen items such as credit cards, checks, driver licenses, and other documents, costs incurred in discovering the extent of the identity theft, in repairing damage from the theft such as credit ratings and reports and preventing further damages from the theft, long distance telephone charges to law enforcement officials, government offices, and businesses in regard to the theft, and lost wages from the time away from work required to obtain new personal identifying information and complete all of the tasks set out in this subdivision (f)(1). In addition to measurable losses, the person whose identity is stolen also suffers immeasurable damages such as stress and anxiety as well as possible health problems resulting from or aggravated by the offense.

(2) For the reasons set out in subdivision (f)(1), the general assembly declares that any person whose identity is unlawfully obtained in violation of subsection (b) or (c) is a victim of crime within the meaning of Article 1, § 35 of the Constitution of Tennessee and title 40, chapter 38.

(g)(1) Notwithstanding any law to the contrary, if a private entity or business maintains a record that contains any of the personal identifying information set out in subdivision (g)(2) concerning one of its customers, and the entity, by law, practice or policy discards such records after a specified period of time, any record containing the personal identifying information shall not be discarded unless the business:

(A) Shreds or burns the customer’s record before discarding the record;

(B) Erases the personal identifying information contained in the customer’s record before discarding the record;

(C) Modifies the customer’s record to make the personal identifying information unreadable before discarding the record; or

(D) Takes action to destroy the customer’s personal identifying information in a manner that it reasonably believes will ensure that no unauthorized persons have access to the personal identifying information contained in the customer’s record for the period of time between the record’s disposal and the record’s destruction.

(2) As used in this subsection (g), “personal identifying information” means a customer’s:

(A) Social security number;

(B) Driver license identification number;

(C) Savings account number;

(D) Checking account number;

(E) PIN (personal identification number) or password;

(F) Complete credit or debit card number;

(G) Demand deposit account number;

(H) Health insurance identification number; or

(I) Unique biometric data.

(3)(A) A violation of this subsection (g) shall be considered a violation of the Tennessee Consumer Protection Act of 1977, compiled in title 47, chapter 18, and may be punishable by a civil penalty in the amount of five hundred dollars ($500) for each record containing a customer’s personal identifying information that is wrongfully disposed of or discarded; provided, however, that no total penalty may exceed ten thousand dollars ($10,000) for any one (1) customer.

(B) It is an affirmative defense to any civil penalty imposed pursuant to this subsection (g) that the business used due diligence in its attempt to properly dispose of or discard the records.

(4) The methods of destroying the personal identifying information of a customer set out in this subsection (g) shall be considered the minimum standards. If a private entity or business by law, practice or policy currently is required to have or otherwise has in place more stringent methods and procedures for destroying the personal identifying information in a customer’s record than are required by this subsection (g), the private entity or business may continue to destroy the identifying information in the more stringent manner.

(5) To the extent that this subsection (g) conflicts with applicable federal law, this subsection (g) shall not apply to an entity that is subject to the enforcement authority of the federal banking agencies, the national credit union administration, the federal trade commission or the securities and exchange commission. For any such entity, the applicable federal law shall govern the proper disposition of records containing consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose.

(6) Notwithstanding subdivision (g)(5), this subsection (g) shall not apply to any financial institution that is subject to the privacy and security provisions of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et. seq., as amended, and as it existed on January 31, 2002.

(h)(1) The following property shall be subject to seizure and judicial forfeiture to the state in the manner provided:

(A) Any property, real or personal, directly or indirectly acquired by or received in violation of this section;

(B) Any property, real or personal, received as an inducement to violate this section;

(C) Any property, real or personal, traceable to the proceeds from the violation;

(D) Any property, real or personal, used in connection with or to facilitate a violation of this section; and

(E) All conveyances, including aircraft, vehicles or vessels, which are used, or are intended for use, in the commission of or escape from a violation of this section and any money, merchandise or other property contained in those conveyances.

(2) Property seized pursuant to this subsection (h) shall be seized and forfeited pursuant to the procedure set out in chapter 11, part 7 of this title.

(A) All property ordered forfeited shall be sold at public auction. The proceeds from all property forfeited and sold at public auction shall be disposed of by the court as directed by this section. The attorney general and reporter shall first be compensated for all expenses incident to the litigation, as approved by the court. Any costs for appeals shall be provided for by the trial court upon conclusion of the litigation. The attorney general and reporter shall then direct that any public agency be reimbursed for out-of-pocket expenses resulting from the investigation, seizure and storage of the forfeited property;

(B) Out of the proceeds remaining, the court shall order restitution be made to the person or persons whose identity was stolen for any identifiable losses resulting from the offense; and

(C) The court shall then award the remainder of the funds as follows:

(i) In the event that the investigating and seizing agency was a state agency, then ten percent (10%) of the funds shall be distributed to the state treasurer who shall deposit the funds in a designated account for the agency to be used in its identity theft operations;

(ii) In the event that the investigating and seizing agency is the Tennessee bureau of investigation, then ten (10%) of the funds shall be distributed to the state treasurer who shall deposit the funds in a designated account for the agency to be used in its identity theft operations;

(iii) In the event that the investigating and seizing agency is a local public agency, then twenty-five percent (25%) of the funds shall be distributed to its local government for distribution to the law enforcement agency for use in the enforcement of this section. When more than one (1) local public agency participated in the investigation and seizure of forfeited property as certified by the attorney general and reporter, then the court shall order a distribution of ten percent (10%) of the funds according to the participation of each local public agency. Accounting procedures for the financial administration of the funds shall be in keeping with those prescribed by the comptroller of the treasury; and

(iv) The remainder of the funds shall be distributed to the state treasurer who shall deposit the funds in the general fund to defray the incarceration costs associated with the offense of identity theft trafficking defined in subsection (c).

(4) For purposes of this subsection (h), a “local public agency” includes any county or municipal law enforcement agency or commission, the district attorney general, or any department or agency of local government authorized by the attorney general and reporter to participate in the investigation.

(5) Funds awarded under this section may not be used to supplement salaries of any public employee or law enforcement officer. Funds awarded under this section may not supplant other local or state funds.

(i)(1) Identity theft as prohibited by subsection (b) is a Class D felony.

(j)(1) For purposes of this subsection (j), “victim” means the person whose personal identifying information was obtained, possessed, bought or used in violation of subsection (b), or sold, transferred, given, traded, loaned, delivered or possessed in violation of subsection (c).

(2) Identity theft is a continuing offense because the offense involves an unlawful taking and use of personal identifying information that remains in the lawful possession of a victim wherever the victim currently resides or is found. As provided in this section, such unlawful taking and use are elements of the offense of identity theft and occur wherever the victim resides or is found.

(3) Pursuant to § 39-11-103 and subdivision (j)(2), if a victim of identity theft resides or is found in this state, an essential element of the offense is committed in this state and a defendant is subject to prosecution in this state, regardless of whether the defendant was ever actually in this state.

(4) Venue for the offense of identity theft shall be in any county where an essential element of the offense was committed, including but not limited to, in any county where the victim resides or is found, regardless of whether the defendant was ever actually in such county.

(k)(1) For purposes of this subsection (k):

(A) “Reencoder” means an electronic device that places encoded information from the computer chip or magnetic strip or stripe of a payment card, driver license or state or local government-issued identification card, onto the computer chip or magnetic strip or stripe of a different payment card, driver license, or state or local government-issued identification card, or any other electronic medium that allows an authorized transaction to occur; and

(B) “Scanning device” means a scanner, reader or any other electronic device that is used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information encoded on a computer chip or magnetic strip or stripe of a payment card, driver license, or state or local government-issued identification card.

(2)(A) It is an offense for a person to use a scanning device or reencoder without the permission of the holder of the card or license from which information is being scanned or reencoded with the intent to commit, aid, or abet any criminal offense.

(B) It is an offense for a person who possesses any device, apparatus, equipment, software, material, good, property, or supply that is designed or adapted for use as a scanning device or reencoder with the intent to commit, aid, or abet any criminal offense.

(C) A violation of this subsection (k) is a class A misdemeanor.

Where Can I Find Out More About Identity Theft and Fraud?

A number of government and private organizations have information about various aspects of identity theft and fraud: how it can occur, what you can do about it, and how to guard your privacy. To help you learn more about the problem and its solutions, we’ve attached a list of Web sites that you might find interesting and informative on identity theft and related topics.

Note: All Web sites to which these pages cross-link are included as a service for the reader. Cross-links to non-governmental sites do not constitute an endorsement or approval of their content, or of the organizations responsible for that content, by the Sheriff’s Office.

What Can I Do About Identity Theft and Fraud?

To victims of identity theft and fraud, the task of correcting incorrect information about their financial or personal status, and trying to restore their good names and reputations, may seem as daunting as trying to solve a puzzle in which some of the pieces are missing and other pieces no longer fit as they once did. Unfortunately, the damage that criminals do in stealing another person’s identity and using it to commit fraud often takes far longer to undo than it took the criminal to commit the crimes.

What Should I Do To Avoid Becoming a Victim of Identity Theft?

To reduce or minimize the risk of becoming a victim of identity theft or fraud, there are some basic steps you can take. For starters, just remember the word “SCAM“:

S Be stingy about giving out your personal information to others unless you have a reason to trust them, regardless of where you are:

At Home:

Start by adopting a “need to know” approach to your personal data. Your credit card company may need to know your mother’s maiden name, so that it can verify your identity when you call to inquire about your account. A person who calls you and says he’s from your bank, however, doesn’t need to know that information if it’s already on file with your bank; the only purpose of such a call is to acquire that information for that person’s personal benefit. Also, the more information that you have printed on your personal bank checks — such as your Social Security number or home telephone number — the more personal data you are routinely handing out to people who may not need that information.

If someone you don’t know calls you on the telephone and offers you the chance to receive a “major” credit card, a prize, or other valuable item, but asks you for personal data — such as your Social Security number, credit card number or expiration date, or mother’s maiden name — ask them to send you a written application form.

If they won’t do it, tell them you’re not interested and hang up.

If they will, review the application carefully when you receive it and make sure it’s going to a company or financial institution that’s well-known and reputable. The Better Business Bureau[external link]can give you information about businesses that have been the subject of complaints.

On Travel:

If you’re traveling, have your mail held at your local post office, or ask someone you know well and trust ­ another family member, a friend, or a neighbor ­ to collect and hold your mail while you’re away.

If you have to telephone someone while you’re traveling, and need to pass on personal financial information to the person you’re calling, don’t do it at an open telephone booth where passers-by can listen in on what you’re saying; use a telephone booth where you can close the door, or wait until you’re at a less public location to call.

If you’re told that your statements are being mailed to another address that you haven’t authorized, tell the financial institution or credit card representative immediately that you did not authorize the change of address and that someone may be improperly using your accounts. In that situation, you should also ask for copies of all statements and debit or charge transactions that have occurred since the last statement you received. Obtaining those copies will help you to work with the financial institution or credit card company in determining whether some or all of those debit or charge transactions were fraudulent.

What Shouldn’t Be There:

If someone has gotten your financial data and made unauthorized debits or charges against your financial accounts, checking your monthly statements carefully may be the quickest way for you to find out. Too many of us give those statements, or the enclosed checks or credit transactions, only a quick glance, and don’t review them closely to make sure there are no unauthorized withdrawals or charges.

If someone has managed to get access to your mail or other personal data, and opened any credit cards in your name or taken any funds from your bank account, contact your financial institution or credit card company immediatelyto report those transactions and to request further action.

AAsk periodically for a copy of your credit report.

Your credit report should list all bank and financial accounts under your name, and will provide other indications of whether someone has wrongfully opened or used any accounts in your name.

MMaintain careful records of your banking and financial accounts.

Even though financial institutions are required to maintain copies of your checks, debit transactions, and similar transactions for five years, you should retain your monthly statements and checks for at least one year, if not more. If you need to dispute a particular check or transaction ­ especially if they purport to bear your signatures ­ your original records will be more immediately accessible and useful to the institutions that you have contacted.

Even if you take all of these steps, however, it’s still possible that you can become a victim of identity theft. Records containing your personal data — credit-card receipts or car-rental agreements, for example — may be found by or shared with someone who decides to use your data for fraudulent purposes.